<?php

/**
 * 用户登录
 */
require_rewrite(SYSTEM_PATH . 'lib/access_control.class.php');

class LoginController {

    private $method;

    public function __construct() {
        //parent::__construct();
        !$themes && $themes = APP_NAME;
        if ($this->tpl === NULL)
            $this->tpl = new SmartyCap(ROOT_PATH, $themes);
        //取得页面访问方式
        $this->method = Handler_http::getMethod();
    }

    public function login() {

        header("Content-type:text/html;charset=utf-8");
        session_start();
        if (!empty($_SESSION['PHPSESSID'])) {
            header("location:" . HTTPFILEURL . "/admin_index/");
        }
        $user_login = trim(Handler_http::getPOST('txtUsername'));
        $user_pass = Handler_http::getPOST('txtPassword'); //密码
        //从数据库中查询用户名与密码
        if (!empty($user_login) && !empty($user_pass)) {
            $key = md5('error_num_' . $user_login);
            $error_time=AdminLoginModule::sql_loginErrTime($user_login);
            if(!empty($error_time)){
                if($error_time['loginErrTime']+(PWD_SUODING_TIME*60) >time()){
                    Handler_http::setSession('txtUsername', null);
                    Handler_http::setSession('txtPassword', null);
                    Handler_http::setSession('PHPSESSID', null);
                    Handler_http::setSession('PHPTYPEID', null);
                    exit(Handler_tool::alertAndRedirectTop('该用户被锁定,请规定时间后重新登录！', HTTPFILEURL . '/login/'));
                }
            }
        $rows = AdminLoginModule::sql_user($user_login, $user_pass);
            if (!empty($rows)) {
//                if ($rows['is_forbidden'] == 1) {
//                    Handler_http::setSession('txtUsername', null);
//                    Handler_http::setSession('txtPassword', null);
//                    Handler_http::setSession('PHPSESSID', null);
//                    Handler_http::setSession('PHPTYPEID', null);
//                    exit(Handler_tool::alertAndRedirectTop('该用户被锁定,请解锁后重新登录！', HTTPFILEURL . '/login/'));
//                }
//                if($rows['loginErrTime']+(PWD_SUODING_TIME*60) >time()){
//                    Handler_http::setSession('txtUsername', null);
//                    Handler_http::setSession('txtPassword', null);
//                    Handler_http::setSession('PHPSESSID', null);
//                    Handler_http::setSession('PHPTYPEID', null);
//                    exit(Handler_tool::alertAndRedirectTop('该用户被锁定,请规定时间后重新登录！', HTTPFILEURL . '/login/'));
//                }
                $time = AdminLoginModule::sqlPwdTime($rows['id']);
                $SQLTIME = $time[0]['pwd_time'] + EXPIRED_TIME * 24 * 3600;
                if ($rows['is_oper'] != "1") {
                    exit(Handler_tool::alertAndRedirectTop('您的帐号不可进入本系统，请联系管理员！', HTTPFILEURL . '/login/'));
                }
                if (!empty($rows['ip_adress']) && $rows['ip_adress'] != AdminLoginModule::getUserIp()) {
                    exit(Handler_tool::alertAndRedirectTop('您的帐号不可进入本系统，请联系管理员！', HTTPFILEURL . '/login/'));
                } else {
                    if ($SQLTIME < time()) {
                        Handler_http::setSession('PHPTYPEID', true);
                    }
                    $user = AdminLoginModule::returnMd5($user_login);
                    Handler_http::delSession($key);
                    setcookie('login_out', '1', time() + SITE_TIME, '/');
                    Handler_http::setSession('txtUsername', $user);
                    Handler_http::setSession('txtPassword', md5($user_pass . ADMIN_KEY));
                    Handler_http::setSession('PHPSESSID', $rows['id']);
                    $log_admin = AdminLoginModule::sqlUpUserLoginTime($rows['id']);
                    $log = LogManager::writeAdminLoginLog($rows['id'], $rows['username'], '1');
                    //header("location:".HTTPFILEURL."/admin_index/");
                    Handler_tool::scriptRedirect("/admin_index/");
                }
            } else {
                $return = AdminLoginModule::user_assess($user_login);
                if ($return) {
                    Handler_tool::alertAndRedirectTop('该用户输入错误密码超过规定次数,请解锁后重新登录!', '/login/');
                }
                $log = LogManager::writeAdminLoginLog('', $user_login, '0');
                Handler_tool::alertAndRedirectTop('用户名或密码错误!', HTTPFILEURL . '/login/');
            }
        } else {
            $this->tpl->assign('name', $user_login);
            $this->tpl->display("login.html");
        }
    }

    public function admin_index() {
        header("Content-type:text/html;charset=utf-8");
        session_start();
        if (empty($_SESSION['PHPSESSID'])) {
            header("location:" . HTTPFILEURL);
        } else {
            $this->tpl->display("admin_index.html");
        }
    }

    /*
     * 修改密码和密码修改时间
     */

    public function update_time() {
        header("Content-type:text/html;charset=utf-8");
        session_start();
        if (empty($_SESSION['PHPSESSID'])) {
            exit(header("location:" . HTTPFILEURL . "/login/"));
        }
        $type = Handler_http::getSession('PHPTYPEID');
        if (!empty($type)) {
            $userid = Handler_http::getSession('PHPSESSID');
            $row_user = AdminLoginModule::select_cookie($userid);
            $pwd_arr = Handler_validate::getExpressions();
            if ($this->method == "POST") {
                $up_pwd = $_POST['password'];
                $up_con_pwd = $_POST['con_password'];
                if (!preg_match($pwd_arr['str'], $up_pwd) || strlen($up_pwd) != intval($pwd_arr['length'])) {
                    Handler_tool::alertAndRedirect('请输入指定格式组成的密码！', HTTPFILEURL . '/update_time/');
                }
                if ($up_pwd == $up_con_pwd) {
                    $up = AdminLoginModule::sqlUpPwdTime($userid, $up_pwd);
                    if ($up) {
                        $key = md5('error_num_' . $row_user['username']);
                        Handler_http::delSession($key);
                        exit(Handler_tool::alertAndRedirectTop('密码修改成功,自动退出后请用新密码登录！', HTTPFILEURL . '/logout/'));
                    }
                } else {
                    Handler_tool::alert('密码与确认密码不同！');
                }
            }
            $this->tpl->assign("username", $row_user['username']);
            $this->tpl->assign("pwdTxt", $pwd_arr);
            $this->tpl->display("update_time.html");
        } else {
            Handler_tool::scriptRedirect('/login/');
        }
    }

    public function left() {
        header("Content-type:text/html;charset=utf-8");
        session_start();
        $type_time_id = Handler_http::getSession('PHPTYPEID');
        $userid = Handler_http::getSession('PHPSESSID');
        $rows = AdminLoginModule::select_grouproot($userid); //查找该用户的权限

        if (!$rows) {
            Handler_http::setSession('txtUsername', null);
            Handler_http::setSession('txtPassword', null);
            Handler_http::setSession('PHPSESSID', null);
            Handler_http::setSession('PHPTYPEID', null);
            exit(Handler_tool::alertAndRedirectTop('该用户所属用户组不可用，请联系管理员重新分配！', HTTPFILEURL . '/login/'));
        }
        $status = AdminLoginModule::select_cookie($userid); //查找该用户是否可用
        if ($status['is_oper'] == '1') {
            if (!empty($type_time_id)) {
                $this->tpl->assign("type_time", $type_time_id);
            } else {
                $user_menu = NavMenuModule::get_user_menu($rows);
                if (!empty($user_menu)) {
                    $this->tpl->assign("user_text", $user_menu);
                } else {
                    Handler_http::setSession('txtUsername', null);
                    Handler_http::setSession('txtPassword', null);
                    Handler_http::setSession('PHPSESSID', null);
                    Handler_http::setSession('PHPTYPEID', null);
                    exit(Handler_tool::alertAndRedirectTop('该用户暂未分配用户组，请联系管理员！', HTTPFILEURL . '/login/'));
                }
            }
            $this->tpl->assign("username", $status['username']);
            $this->tpl->display("left.html");
        } else {
            Handler_http::delSession('txtUsername');
            Handler_http::delSession('txtPassword');
            Handler_http::delSession('PHPSESSID');
            Handler_http::delSession('PHPTYPEID');
            exit(Handler_tool::alertAndRedirectTop('您的帐号不可进入本系统，请联系管理员！', HTTPFILEURL . '/login/'));
        }
    }

    public function mainfra() {
        header("Content-type:text/html;charset=utf-8");
        $this->tpl->display("mainfra.html");
    }

    public function top() {
        header("Content-type:text/html;charset=utf-8");
        $this->tpl->display("top.html");
    }

    public function logout() {
        session_start();
        Handler_http::setSession('txtUsername', null);
        Handler_http::setSession('txtPassword', null);
        Handler_http::setSession('PHPSESSID', null);
        Handler_http::setSession('PHPTYPEID', null);
        header("location:" . HTTPFILEURL);
    }

}

?>